UA EN RU
All topics
Topics
UA EN RU
Last news
Trump announces negotiations with China regarding the TikTok deal today, 10:50
Putin wants to go all the way and kill people: Trump commented on the conversation with Zelensky today, 10:35
Enemy losses as of July 5, 2025 – General Staff of the Armed Forces of Ukraine today, 08:44
The US is sabotaging Trump's peace plan: expert names the culprit in the Pentagon yesterday, 18:10
Ukraine Awaits a Summer of Ruthless Attacks: WSJ Reveals Putin's New Plan yesterday, 16:55
Response on 'Shahedi': The Armed Forces of Ukraine struck a key defense industry facility in the Moscow region yesterday, 14:25
The state operator of the rear spoke about sanctions against unscrupulous suppliers yesterday, 14:00
Russia struck 550 targets: Zelensky revealed details of the largest combined attack on Ukraine yesterday, 13:35
Training 'Sea Breeze 2025': what tasks for Ukrainian ships yesterday, 12:20
Ukraine has doubled the number of new military vehicles yesterday, 11:55
The enemy has switched to a new tactic in southern Ukraine - Defense Forces yesterday, 11:05
Who the Regional Recruitment Centers can declare wanted: what military conscripts should know yesterday, 10:15
Poland Prepares for War Drawing on Ukrainian Experience - Diplomat yesterday, 09:50
Enemy losses as of July 4, 2025 – General Staff of the Armed Forces of Ukraine yesterday, 08:55
Show more

Targeted cyberattacks on the defense sector recorded in Ukraine via a popular messenger.

19.03.2025 2402
Shostal Oleksandr
Journalist Shostal Oleksandr
19.03.2025 2402
Cyberattacks on the defense sector recorded
Cyberattacks on the defense sector recorded

The CERT-UA team has detected cyberattacks on employees of the defense industry and the Armed Forces of Ukraine.

In March 2025, messages containing reports were found in the Signal messenger. Some messages were sent from individuals with compromised accounts to increase trust.

Typically, these archives contain a .pdf file and an executable file named DarkTortilla. DarkTortilla is a crypter/loader used to launch the remote control program Dark Crystal RAT (DCRAT).

'It should be noted that this activity has been tracked under the identifier UAC-0200 since at least the summer of 2024. Meanwhile, starting in February 2025, the content of the bait messages relates to UAVs, electronic warfare means, etc. The use of popular messengers, both on mobile devices and computers, significantly expands the attack surface, including by creating uncontrolled (in terms of protection means) channels for information exchange,' - CERT-UA reported.

Read also
Read 112.ua in telegramtelegramm logo
Read 112.ua in googlegoogle logo
You may be interested
Trump announces negotiations with China regarding the TikTok deal
Trump announces negotiations with China regarding the TikTok deal
today, 10:50 646
Putin wants to go all the way and kill people: Trump commented on the conversation with Zelensky
Putin wants to go all the way and kill people: Trump commented on the conversation with Zelensky
today, 10:35 651
Enemy losses as of July 5, 2025 – General Staff of the Armed Forces of Ukraine
Enemy losses as of July 5, 2025 – General Staff of the Armed Forces of Ukraine
today, 08:44 790
The US is sabotaging Trump's peace plan: expert names the culprit in the Pentagon
The US is sabotaging Trump's peace plan: expert names the culprit in the Pentagon
yesterday, 18:10 1053
Ukraine Awaits a Summer of Ruthless Attacks: WSJ Reveals Putin's New Plan
Ukraine Awaits a Summer of Ruthless Attacks: WSJ Reveals Putin's New Plan
yesterday, 16:55 1129
Response on 'Shahedi': The Armed Forces of Ukraine struck a key defense industry facility in the Moscow region
Response on 'Shahedi': The Armed Forces of Ukraine struck a key defense industry facility in the Moscow region
yesterday, 14:25 1186

Advertising